The Docker Remote API can be secured using TLS with client certificate verification. To do this, you need to generate:
- CA certificate
- Server certificate
- Server key
- Client certificate
- Client key
Create certificates
To create the certificates, you can use the script below:
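The script itself is not reproduced on this page. The following is an added example, not the author's script, that produces the five files listed above with openssl. The names server-cert.pem, server-key.pem and ca-key.pem, the CN values and the function names are assumptions; the default IP is the one used in the client step.

```shell
#!/bin/sh
# Added example (not the original post's script).
# usage: gen_docker_tls OUT_DIR [SERVER_IP] [KEY_BITS] [DAYS]
gen_docker_tls() (
    out=$1 ip=${2:-10.21.21.12} bits=${3:-4096} days=${4:-365}
    umask 077                       # private keys readable by the owner only
    mkdir -p "$out" && cd "$out" || exit 1

    # CA key and self-signed CA certificate (ca-key.pem signs everything else)
    openssl genrsa -out ca-key.pem "$bits" 2>/dev/null &&
    openssl req -new -x509 -sha256 -days "$days" -key ca-key.pem \
        -subj "/CN=docker-ca" -out ca.pem &&

    # Server: the SAN must contain the address clients put in DOCKER_HOST,
    # otherwise the client's verification of the daemon fails
    openssl genrsa -out server-key.pem "$bits" 2>/dev/null &&
    openssl req -new -sha256 -key server-key.pem -subj "/CN=$ip" \
        -out server.csr &&
    printf 'subjectAltName=IP:%s,IP:127.0.0.1\nextendedKeyUsage=serverAuth\n' \
        "$ip" > server.ext &&
    openssl x509 -req -sha256 -days "$days" -in server.csr -CA ca.pem \
        -CAkey ca-key.pem -CAcreateserial -extfile server.ext \
        -out server-cert.pem &&

    # Client: certificate limited to client authentication
    openssl genrsa -out client-key.pem "$bits" 2>/dev/null &&
    openssl req -new -sha256 -key client-key.pem -subj "/CN=client" \
        -out client.csr &&
    printf 'extendedKeyUsage=clientAuth\n' > client.ext &&
    openssl x509 -req -sha256 -days "$days" -in client.csr -CA ca.pem \
        -CAkey ca-key.pem -CAcreateserial -extfile client.ext \
        -out client-cert.pem &&

    # Signing requests and extension files are not needed afterwards
    rm -f server.csr server.ext client.csr client.ext
)

# Confirm both certificates chain to the CA and carry the expected fields.
# usage: check_docker_tls OUT_DIR [SERVER_IP]
check_docker_tls() (
    cd "$1" || exit 1
    openssl verify -CAfile ca.pem server-cert.pem client-cert.pem >/dev/null &&
    openssl x509 -in server-cert.pem -noout -text |
        grep -q "IP Address:${2:-10.21.21.12}" &&
    openssl x509 -in client-cert.pem -noout -text |
        grep -q "TLS Web Client Authentication"
)
# e.g.: gen_docker_tls ./certs 10.21.21.12 && check_docker_tls ./certs
```

Keep ca-key.pem off the Docker host once signing is done: anyone holding it can issue client certificates the daemon will accept.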
Enable Remote API with TLS
We need to update the default docker.service definition to use the TLS certs; the script below assumes the server certificates.
Set up your client and test it!!!
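Just copy the client certificates to ~/.docker/. For convenience, you can also set the DOCKER_HOST environment variable, together with DOCKER_TLS_VERIFY so that the client uses TLS and picks up the certificates from ~/.docker:
mkdir -p ~/.docker
cp ca.pem ~/.docker
cp client-cert.pem ~/.docker/cert.pem
cp client-key.pem ~/.docker/key.pem
export DOCKER_HOST=10.21.21.12:4243
export DOCKER_TLS_VERIFY=1    # use TLS and verify the daemon's certificate against ca.pem
After copying the certificates, you should be able to access your protected Docker API.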